Cloud Security Alliance: CloudBytes

  • GDPR: Personal Data Protection Compliance is a Business Matter
    Prof. Dr. Paolo Balboni, Business Lawyer and Partner at ICT Legal Consulting | Recorded: May 22 2018 | 59 mins
    Many companies approach compliance activities with the forthcoming European General Data Protection Regulation (Regulation (EU) 2016/679) as a purely legal matter. But this is a very shortsighted approach. Compliance with the GDPR is becoming a necessary business requirement. Only companies that are able to reassure business partners and consumers regarding their alignment with the new EU Regulation will stay competitive in the digital market. Moreover, if performed in a strategic way, compliance with the GDPR enables businesses to process personal data in manifold ways and thus to extract meaningful information from it in order to better serve current and future customers, as well as to improve efficiency.

    During the webinar Prof. Dr. Paolo Balboni (Business Lawyer, Partner at ICT Legal Consulting) will present a strategic approach to GDPR compliance aimed at mitigating the legal risk and maximising the benefits of data processing activities.
  • 5 Steps to Boost Your Security Posture on AWS
    Neelum Khan, Tajvia Willis, and Sudha Iyer from Netskope | Recorded: May 15 2018 | 28 mins
    Many customers have exposed their data in the cloud without proper security solutions. Securing data in the cloud to prevent exposures can present challenges to all enterprises. Despite the rapidly growing need for cloud-native visibility into behavior and activity across AWS environments, many companies are still in the beginning stages of learning about best practices and security solutions for AWS. They want to know the best approach and how to get there.

    In this webinar, you will learn:
    - Common AWS security concerns
    - 5 steps you can take to boost your AWS security posture
    - How to implement these steps
  • How to Ace Type 2 SOC 2 with Zero Exceptions
    Pete Cheslock and Pat Cable of Threat Stack | Recorded: May 8 2018 | 43 mins
    Achieving Type 2 SOC 2 compliance with zero exceptions was no easy feat for Threat Stack. However, rather than implementing stringent security protocols at every point of production, they implemented and improved SecOps processes to make it happen.

    Learn how Threat Stack's Head of Ops, Pete Cheslock, and Sr. Infrastructure Security Engineer, Pat Cable collaborated to make the SOC 2 journey a success as well as the innovations created along the way (including a Change Management tool called ‘SockemBot’). Join this webinar to learn more about:

    - The SockemBot, ticketing workflows, and other SOC 2 innovations
    - Developer-approved operational changes for code and ticket mapping
    - The SOC 2 business benefits you get to reap now
  • The Road to GDPR Compliance: Tips from the Cloud Security Alliance and Dome9
    Daniele Catteddu of CSA and Marina Segal of Dome9 Security | Recorded: May 3 2018 | 57 mins
    General Data Protection Regulation (GDPR) is coming into effect on May 25, 2018. The requirements of GDPR are substantial and the penalties for non-compliance are severe. The new regulation will require companies across the globe to rethink how they store and handle customer data. Has your organization implemented the legal and technological controls required to comply?

    In this webinar, Daniele Catteddu, CTO of the Cloud Security Alliance (CSA) and Marina Segal, Lead Compliance Product Manager at Dome9, will discuss key challenges and best practices to address GDPR requirements. The webinar will cover compliance automation solutions available to help organizations achieve GDPR compliance and meet the May deadline.

    Topics we will cover:
    - Code of Conduct & Certification for GDPR Compliance
    - Where the most likely GDPR violations will occur
    - The impact of running workloads in the public cloud on GDPR
    - Best practices to simplify and speed up compliance
  • True Detective – Autopsy of latest O365 and AWS threats
    Brandon Cook, Thyaga Vasudevan, and Sandeep Chandana of McAfee | Recorded: Apr 25 2018 | 60 mins
    How does your organization defend against the latest O365 and AWS threats including KnockKnock and Ghostwriter?

    Join CSA and McAfee to see an autopsy of two recent cloud threats: KnockKnock (O365) and Ghostwriter (AWS), uncovered by our Cloud Threats Lab. We’ll share practical guidance on how to address the rapidly evolving cloud threat landscape, starting with user behavior analysis and leveraging the “network effect”.

    Specifically, we will discuss how Information Security teams can:
    • Catch third parties logging into corporate cloud service using stolen or misplaced login credentials to steal valuable corporate data
    • Detect malicious or negligent insiders stealing or unintentionally exposing data from O365 and AWS
    • Identify malicious administrators accessing data out of policy, intentionally degrading security settings, or creating dummy accounts for unauthorized third party access
  • Anatomy of a Cyber Security Breach: The Hero's Journey
    Sam Curry of Cybereason; Andrew Hammond and Red Curry of SSH Communications Security; Hector Monsegur of Rhino Security Labs | Recorded: Apr 11 2018 | 64 mins
    My mother was washing dishes in the kitchen when the glass window she was looking out shattered in front of her… she was OK, but unfortunately my curve ball has never gotten better. The second law of thermodynamics dictates that you can't put together something that has fallen apart. There was no way I could put that shattered glass back together. The second law of thermodynamics applies to breaches. There is no way to go back once you have been breached. We will tell you what the emerging threats are, how to prepare, and how to proactively manage an ongoing breach. We will cover the following types of breaches:
    - Phishing Scams
    - Buffer Overflow
    - Password Hacking
    - Downloading Free Software
    - Fault Injection
  • Understanding the Status of ERP Security in the Cloud
    JP Perez-Etchegoyen of Onapsis and Shamun Mahmud of CSA | Recorded: Mar 21 2018 | 63 mins
    With ERP vendors reporting double-digit growth in cloud revenue year over year, many organizations are faced with the challenging task of planning a cloud migration of their most critical assets. Because these systems are typically more complex, and also house the organization's critical data and processes, special precautions must be taken when building a migration plan.

    During this webcast JP Perez-Etchegoyen, CTO of Onapsis Inc and Shamun Mahmud, Research Analyst at CSA, will present their key findings from the recently released white paper, "The State of Enterprise Resource Planning Security in the Cloud." Attendees will learn:
    - Security requirements of ERP and Business-Critical Applications
    - Cloud adoption trends
    - Challenges of migrating ERP solutions to the cloud
    - Common security and privacy risks in cloud-based ERP applications
      - SaaS ERP Applications
      - IaaS ERP Deployments
      - ERP extensions in PaaS cloud
    - Conclusions and key take-aways
  • How to Design Successful Internal Bug Hunts: Squashing Security Bugs on a Budget
    Pieter Ockers of Adobe | Recorded: Mar 19 2018 | 54 mins
    Far too often, testing software for security flaws falls into the “nice-to-have” category, taking a backseat to the demands of the marketplace and inflexible feature release schedules. In addition to the expense of hiring an outside security testing team, testing for and fixing obscure security bugs is a brake on an engineer’s ability to put new code in the hands of their customers. Fortunately, there is a workaround to this dilemma that will allow you to promote application security awareness while helping to reduce security bugs in your applications.

    An internal bug hunt contest - in which your employees compete for prizes by finding and reporting security bugs - enables you to harness the creativity and problem-solving skills of your workforce while reducing security bugs in your applications. It can also help promote a culture of security awareness - without a large security testing budget.

    An internal bug hunt contest can help you:

    • Find and remediate vulnerabilities before external entities can exploit them
    • Provide a safe platform for your application owners to test for security bugs
    • Promote application security awareness
    • Engage employees outside of the central security team who want to explore the security domain

    In this webcast, you will learn how an internal bug bounty program can help you find security flaws in your applications before criminals or spies, while improving the security culture at your company.
  • CSA Summit at RSA Conference Preview
    Jim Reavis of CSA, Wayne Anderson of McAfee, Deena Thomchick of Symantec, Jervis Hui of Netskope, and Chris Steffen of Cyxtera | Recorded: Mar 14 2018 | 35 mins
    Want to know what you can expect at this year's CSA Summit at RSA Conference? Join this webinar to get a preview of several sessions including:

    - Appetite for Destruction – The Cloud Edition
    Over the last two years, the multitude of data leaks and breaches in the cloud has skyrocketed. Many of these leaks are reminiscent of past security lessons, and some show new attributes unique to our evolving computing environments. In this short talk, we’ll take a look at the past, and peer towards the prospective future being discussed during this year’s summit.

    - Cloud Security Journey
    Get a preview of how a major retailer solves the problem of security software chaos and fragmentation while addressing new security requirements. Get a real-world perspective on how they approached cloud security while addressing end-to-end compliance, data governance, and threat protection requirements. 

    - A GDPR-Compliance & Preparation Report Card
    With the impending May 2018 deadline for GDPR compliance, organizations worldwide need to account for the regulation in their security policies and programs. Join us for a preview of our recent study with the Cloud Security Alliance on how organizations are preparing for compliance. 

    - The Software-Defined Perimeter in Action
    Learn how organizations have taken CSA's Software-Defined Perimeter (SDP) from experimental to enterprise-grade. Join us for a preview of the insights and best practices for making SDP adoption a reality that will be discussed at this year's summit.
  • Making Compliance Count
    Dave Lenoe and Molly Junck at Adobe | Recorded: Mar 7 2018 | 57 mins
    It’s a brave new world, with bug bounties and crowd-sourced penetration tests now an up-and-coming way to augment security programs. But can you do the same with your compliance and certification programs? At Adobe, our security team has been working with our internal audit team and outside vendors to see if it’s possible – and the early returns are very encouraging!

    In this webinar you'll find out more about how you can leverage both internal and external security researchers to help with compliance efforts, while measuring your real-world security risk.